WID-SEC-W-2023-2617
Vulnerability from csaf_certbund - Published: 2023-10-10 22:00 - Updated: 2025-10-27 23:00
Summary
Xen: Multiple vulnerabilities
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, case by case, the use and/or implementation of the information provided with the content.
Product description
Xen is a virtual machine monitor (VMM) that paravirtualizes hardware (x86, IA-64, PowerPC) for the systems (domains) running on it.
Attack
An attacker can exploit multiple vulnerabilities in Xen to cause a denial-of-service condition, execute arbitrary code, disclose confidential information, or escalate privileges.
Affected operating systems
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) f\u00fcr die darauf laufenden Systeme (Domains) paravirtualisiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Xen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2617 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2617.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2617 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2617"
},
{
"category": "external",
"summary": "Xen Security Advisory XSA-440 vom 2023-10-10",
"url": "https://xenbits.xen.org/xsa/advisory-440.html"
},
{
"category": "external",
"summary": "Xen Security Advisory XSA-441 vom 2023-10-10",
"url": "https://xenbits.xen.org/xsa/advisory-441.html"
},
{
"category": "external",
"summary": "Xen Security Advisory XSA-442 vom 2023-10-10",
"url": "https://xenbits.xen.org/xsa/advisory-442.html"
},
{
"category": "external",
"summary": "Xen Security Advisory XSA-443 vom 2023-10-10",
"url": "https://xenbits.xen.org/xsa/advisory-443.html"
},
{
"category": "external",
"summary": "Xen Security Advisory XSA-444 vom 2023-10-10",
"url": "https://xenbits.xen.org/xsa/advisory-444.html"
},
{
"category": "external",
"summary": "Citrix Security Advisory CTX575089 vom 2023-10-10",
"url": "https://support.citrix.com/article/CTX575089"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-A4C606585E vom 2023-10-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a4c606585e"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-DE338D9F37 vom 2023-10-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-de338d9f37"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-881672FDAB vom 2023-10-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-881672fdab"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4054-1 vom 2023-10-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016642.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4055-1 vom 2023-10-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016641.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4174-1 vom 2023-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016823.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4183-1 vom 2023-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016831.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4184-1 vom 2023-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016830.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4185-1 vom 2023-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016829.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6461-1 vom 2023-10-31",
"url": "https://ubuntu.com/security/notices/USN-6461-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2023-029 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2023-029.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2023-042 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2023-042.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2023-055 vom 2023-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2023-055.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2328 vom 2023-11-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2328.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4359-1 vom 2023-11-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016991.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4358-1 vom 2023-11-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016992.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4378-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017004.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4377-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017001.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4375-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017006.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4414-1 vom 2023-11-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4476-1 vom 2023-11-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4475-1 vom 2023-11-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017059.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1883 vom 2023-12-04",
"url": "https://alas.aws.amazon.com/ALAS-2023-1883.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13049 vom 2023-12-14",
"url": "https://linux.oracle.com/errata/ELSA-2023-13049.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13048 vom 2023-12-14",
"url": "https://linux.oracle.com/errata/ELSA-2023-13048.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5594 vom 2024-01-02",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00001.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3710 vom 2024-01-11",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3711 vom 2024-01-11",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6624-1 vom 2024-02-07",
"url": "https://ubuntu.com/security/notices/USN-6624-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6625-1 vom 2024-02-07",
"url": "https://ubuntu.com/security/notices/USN-6625-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6626-1 vom 2024-02-08",
"url": "https://ubuntu.com/security/notices/USN-6626-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6625-2 vom 2024-02-08",
"url": "https://ubuntu.com/security/notices/USN-6625-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6628-1 vom 2024-02-09",
"url": "https://ubuntu.com/security/notices/USN-6628-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6626-2 vom 2024-02-14",
"url": "https://ubuntu.com/security/notices/USN-6626-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6628-2 vom 2024-02-15",
"url": "https://ubuntu.com/security/notices/USN-6628-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6626-3 vom 2024-02-16",
"url": "https://ubuntu.com/security/notices/USN-6626-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6652-1 vom 2024-02-23",
"url": "https://ubuntu.com/security/notices/USN-6652-1"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-10 vom 2024-09-22",
"url": "https://security.gentoo.org/glsa/202409-10"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-112 vom 2025-10-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-112.html"
}
],
"source_lang": "en-US",
"title": "Xen: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-27T23:00:00.000+00:00",
"generator": {
"date": "2025-10-28T09:48:34.542+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-2617",
"initial_release_date": "2023-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-11T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-10-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-11-01T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-11-05T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-06T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-09T23:00:00.000+00:00",
"number": "10",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2023-11-12T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-16T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-12-04T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-12-14T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-02T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-01-11T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-02-07T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-02-08T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-02-15T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-02-25T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-22T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "24"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Citrix Systems Hypervisor",
"product": {
"name": "Citrix Systems Hypervisor",
"product_id": "T016872",
"product_identification_helper": {
"cpe": "cpe:/o:citrix:hypervisor:-"
}
}
},
{
"category": "product_name",
"name": "Citrix Systems XenServer",
"product": {
"name": "Citrix Systems XenServer",
"product_id": "T004077",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:-"
}
}
}
],
"category": "vendor",
"name": "Citrix Systems"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.17",
"product": {
"name": "Open Source Xen \u003c4.17",
"product_id": "T030383"
}
},
{
"category": "product_version",
"name": "4.17",
"product": {
"name": "Open Source Xen 4.17",
"product_id": "T030383-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.15",
"product": {
"name": "Open Source Xen \u003c4.15",
"product_id": "T030384"
}
},
{
"category": "product_version",
"name": "4.15",
"product": {
"name": "Open Source Xen 4.15",
"product_id": "T030384-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.16",
"product": {
"name": "Open Source Xen \u003c4.16",
"product_id": "T030385"
}
},
{
"category": "product_version",
"name": "4.16",
"product": {
"name": "Open Source Xen 4.16",
"product_id": "T030385-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.16"
}
}
}
],
"category": "product_name",
"name": "Xen"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34323",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34323"
},
{
"cve": "CVE-2023-34324",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34324"
},
{
"cve": "CVE-2022-4949",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2022-4949"
},
{
"cve": "CVE-2023-34325",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34325"
},
{
"cve": "CVE-2023-34326",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34326"
},
{
"cve": "CVE-2023-34327",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34327"
},
{
"cve": "CVE-2023-34328",
"product_status": {
"known_affected": [
"T004077",
"2951",
"T002207",
"T000126",
"398363",
"T012167",
"T004914",
"T030383",
"T016872",
"74185",
"T030385",
"T030384"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-34328"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.